Managing secure sharing of private information across security domains

US 8,281,370 B2
Filed: 11/27/2006
Issued: 10/02/2012
Est. Priority Date: 11/27/2006
Status: Active Grant

First Claim

Patent Images

1. A method of sharing information among at least a first organization and a second organization, the method comprising:

(a) receiving by one or more physical nodes a first request for authorization for a user in the first organization to access one or more individual'"'"'s information in the second organization, wherein the first organization is associated with a first security domain, the second organization is associated with a second security domain, the second organization has an access profile associated with the first security domain, the user is associated with one or more roles and one or more caseloads, each of the one or more individual'"'"'s information in the second organization has at least one type, the one or more roles includes access privilege information for one or more users, and the one or more caseloads includes access privilege information for at least one individual or medical services program;

(b) logging by the one or more physical nodes, in an activity log associated with at least the first organization or the second organization, the user'"'"'s first request for authorization for the user in the first organization to access the individual'"'"'s information in the second organization;

(c) determining by the one or more physical nodes whether the user in the first organization is authorized to access the one or more individual'"'"'s information in the second organization, wherein the determination is based on at least the access profile, the one or more caseloads and the one or more roles associated with the user₁and the type of the one or more individual'"'"'s information in the second organization;

(d) responsive to determining that the user in the first organization is authorized to access the one or more individual'"'"'s information in the second organization;

(d)(i) transferring by the one or more physical nodes the one or more individual'"'"'s information in the second organization to the user in the first organization;

(d)(ii) logging by the one or more physical nodes, in the activity log, the transferring of the one or more individual'"'"'s information in the second organization to the user in the first organization.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods for sharing information across at least two organizations is described. A physical node may receive a request for authorization for a user in an organization to access an individual'"'"'s information in another organization. The request may be logged. The physical node may determine whether the user is authorized to access the individual'"'"'s information and, if it is, provide appropriate access.

53 Citations

View as Search Results

77 Claims

1. A method of sharing information among at least a first organization and a second organization, the method comprising:
- (a) receiving by one or more physical nodes a first request for authorization for a user in the first organization to access one or more individual'"'"'s information in the second organization, wherein the first organization is associated with a first security domain, the second organization is associated with a second security domain, the second organization has an access profile associated with the first security domain, the user is associated with one or more roles and one or more caseloads, each of the one or more individual'"'"'s information in the second organization has at least one type, the one or more roles includes access privilege information for one or more users, and the one or more caseloads includes access privilege information for at least one individual or medical services program;
  
  (b) logging by the one or more physical nodes, in an activity log associated with at least the first organization or the second organization, the user'"'"'s first request for authorization for the user in the first organization to access the individual'"'"'s information in the second organization;
  
  (c) determining by the one or more physical nodes whether the user in the first organization is authorized to access the one or more individual'"'"'s information in the second organization, wherein the determination is based on at least the access profile, the one or more caseloads and the one or more roles associated with the user₁and the type of the one or more individual'"'"'s information in the second organization;
  
  (d) responsive to determining that the user in the first organization is authorized to access the one or more individual'"'"'s information in the second organization;
  
  (d)(i) transferring by the one or more physical nodes the one or more individual'"'"'s information in the second organization to the user in the first organization;
  
  (d)(ii) logging by the one or more physical nodes, in the activity log, the transferring of the one or more individual'"'"'s information in the second organization to the user in the first organization.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27)
- - 2. The method of claim 1, wherein the one or more roles apply to one or more of plan or report applications, data applications, or common applications.
  - 3. The method of claim 1, wherein the one or more roles include one or more of a submit role, review role, deactivate role, approve role, follow-up role, enter role, view role, update role, send to archive role, view update history role, view archive role, update archive role, or emergency view role.
  - 4. The method of claim 1, wherein the first organization and the second organization are governed by HIPAA regulations.
  - 5. The method of claim 1, wherein the first organization is a hospital.
  - 6. The method of claim 1, wherein the second organization is a hospital.
  - 7. The method of claim 1, wherein the one or more individual'"'"'s information includes personal health information associated with the one or more individual.
  - 8. The method of claim 1, wherein the first organization is a healthcare provider.
  - 9. The method of claim 1, wherein the second organization is a healthcare provider.
  - 10. The method of claim 1, wherein the first organization is run by a state.
  - 11. The method of claim 1, wherein the second organization is run by a state.
  - 12. The method of claim 1, wherein the one or more individual is a medical patient.
  - 13. The method of claim 1, wherein the one or more individual has one or more developmental disabilities.
  - 14. The method of claim 1, wherein the user is the one or more individual'"'"'s parent or guardian.
  - 15. The method of claim 1, wherein the user is a staff person of the first or second organizations.
  - 16. The method of claim 1, wherein the user is a staff person of the first organization.
  - 17. The method of claim 1, wherein the user is a service provider associated with the first organization.
  - 18. The method of claim 1, wherein the user is a doctor associated with the first organization.
  - 19. The method of claim 1, wherein the user is a volunteer associated with the first organization.
  - 20. The method of claim 1, wherein the user is a health care professional associated with the first organization.
  - 21. The method of claim 1, wherein the user is a case manager associated with the first organization.
  - 22. The method of claim 1, wherein the one or more physical nodes include one or more computers.
  - 23. The method of claim 1, wherein the one or more physical nodes are at least two physical nodes that are not identical and operate independently of each other.
  - 24. The method of claim 1, wherein the one or more physical nodes include one or more storage arrays.
  - 25. The method of claim 1, wherein the one or more physical nodes include one or more physical disc drives.
  - 26. The method of claim 1, wherein the one or more physical nodes are operated in or more physical locations.
  - 27. The method of claim 1, the method further comprising:
    - (d)(iii) receiving by the one or more physical nodes a second request for authorization for the user in the first organization to change the one or more individual'"'"'s information in the second organization;
      
      (d)(iv) logging, in the activity log, by the one or more physical nodes the user'"'"'s second request for authorization for the user in the first organization to change the one or more individual'"'"'s information in the second organization;
      
      (d)(v) determining by the one or more physical nodes whether the user in the first organization is authorized to change the one or more individual'"'"'s information in the second organization, wherein the determination is based on at least the access profile, the one or more caseloads and one or more roles associated with the user in the first organization, and the type of the one or more individual'"'"'s information in the second organization;
      
      (d)(vi) responsive to determining that the user in the first organization is authorized to change the one or more individual'"'"'s information in the second organization;
      
      (d)(vi)(A) allowing by the one or more physical nodes the user in the first organization to change the one or more individual'"'"'s information in the second organization;
      
      (d)(vi)(B) logging, in the activity log, by the one or more physical nodes the user in the first organization'"'"'s changes to the one or more individual'"'"'s information in the second organization.

28. A non-transitory computer-readable storage media having computer executable code stored thereon, the code for sharing information among at least a first organization and a second organization, the code, when executed:
- (a) receives a first request for authorization for a user in the first organization to access one or more individual'"'"'s information in the second organization, wherein the first organization is associated with a first security domain, the second organization is associated with a second security domain, the second organization has an access profile associated with the first security domain, the user is associated with one or more roles and one or more caseloads, each of the one or more individual'"'"'s information in the second organization has at least one type, the one or more roles includes access privilege information for one or more users, and the one or more caseloads includes access privilege information for at least one individual or medical services program;
  
  (b) logs, in an activity log associated with at least the first organization or the second organization, the user'"'"'s first request for authorization for the user in the first organization to access the individual'"'"'s information in the second organization;
  
  (c) determines whether the user in the first organization is authorized to access the one or more individual'"'"'s information in the second organization, wherein the determination is based on at least the access profile, the one or more caseloads and the one or more roles associated with the user; and
  
  the type of the one or more individual'"'"'s information in the second organization;
  
  (d) responsive to determining that the user in the first organization is authorized to access the one or more individual'"'"'s information in the second organization;
  
  (d)(i) transfers the one or more individual'"'"'s information in the second organization to the user in the first organization;
  
  (d)(ii) logs, in the activity log, the transferring of the one or more individual'"'"'s information in the second organization to the user in the first organization.
- View Dependent Claims (29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49)
- - 29. The non-transitory computer-readable storage media of claim 28, wherein the one or more roles apply to one or more of plan or report applications, data applications, or common applications.
  - 30. The non-transitory computer-readable storage media of claim 28, wherein the one or more roles include one or more of a submit role, review role, deactivate role, approve role, follow-up role, enter role, view role, update role, send to archive role, view update history role, view archive role, update archive role, or emergency view role.
  - 31. The non-transitory computer-readable storage media of claim 28, wherein the first organization and the second organization are governed by HIPAA regulations.
  - 32. The non-transitory computer-readable storage media of claim 28, wherein the first organization is a hospital.
  - 33. The non-transitory computer-readable storage media of claim 28, wherein the second organization is a hospital.
  - 34. The non-transitory computer-readable storage media of claim 28, wherein the one or more individual'"'"'s information includes personal health information associated with the individual.
  - 35. The non-transitory computer-readable storage media of claim 28, wherein the first organization is a healthcare provider.
  - 36. The non-transitory computer-readable storage media of claim 28, wherein the second organization is a healthcare provider.
  - 37. The non-transitory computer-readable storage media of claim 28, wherein the first organization is run by a state.
  - 38. The non-transitory computer-readable storage media of claim 28, wherein the second organization is run by a state.
  - 39. The non-transitory computer-readable storage media of claim 28, wherein the individual is a medical patient.
  - 40. The non-transitory computer-readable storage media of claim 28, wherein the one or more individuals have one or more developmental disabilities.
  - 41. The non-transitory computer-readable storage media of claim 28, wherein the user is one of the one or more individual'"'"'s parent or guardian.
  - 42. The non-transitory computer-readable storage media of claim 28, wherein the user is a staff person of the first or second organizations.
  - 43. The non-transitory computer-readable storage media of claim 28, wherein the user is a service provider associated with the first organization.
  - 44. The non-transitory computer-readable storage media of claim 28, wherein the user is a doctor associated with the first organization.
  - 45. The non-transitory computer-readable storage media of claim 28, wherein the user is a volunteer associated with the first organization.
  - 46. The non-transitory computer-readable storage media of claim 28, wherein the user is a health care professional associated with the first organization.
  - 47. The non-transitory computer-readable storage media of claim 28, wherein the user is a case manager associated with the first organization.
  - 48. The non-transitory computer-readable storage media of claim 28, wherein the non-transitory computer-readable storage media is one or more storage arrays.
  - 49. The non-transitory computer-readable storage media of claim 28, wherein the non-transitory computer-readable storage media is one or more disc drives.

50. A system accessible by a user, wherein when the user accesses the system, the system:
- (a) receives a first request for authorization for a user in the first organization to access one or more individual'"'"'s information in the second organization, wherein the first organization is associated with a first security domain, the second organization is associated with a second security domain, the second organization has an access profile associated with the first security domain, the user is associated with one or more roles and one or more caseloads, each of the one or more individual'"'"'s information in the second organization has at least one type, the one or more roles includes access privilege information for one or more users, and the one or more caseloads includes access privilege information for at least one individual ‘
  
  or medical services program;
  
  (b) logs, in an activity log of a physical node, said activity log associated with at least the first organization or the second organization, the user'"'"'s first request for authorization for the user in the first organization to access the individual'"'"'s information in the second organization;
  
  (c) determines whether the user in the first organization is authorized to access the one or more individual'"'"'s information in the second organization, wherein the determination is based on at least the access profile, the one or more caseloads and the one or more roles associated with the user₁and the type of the one or more individual'"'"'s information in the second organization;
  
  (d) responsive to determining that the user in the first organization is authorized to access the one or more individual'"'"'s information in the second organization;
  
  (d)(i) transfers the one or more individual'"'"'s information in the second organization to the user in the first organization;
  
  (d)(ii) logs, in the activity log of said physical node, the transferring of the one or more individual'"'"'s information in the second organization to the user in the first organization.
- View Dependent Claims (51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 70, 71, 72, 73)
- - 51. The system claim 50, wherein the one or more roles apply to one or more of plan or report applications, data applications, or common applications.
  - 52. The system of claim 50, wherein the one or more roles include one or more of a submit role, review role, deactivate role, approve role, follow-up role, enter role, view role, update role, send to archive role, view update history role, view archive role, update archive role, or emergency view role.
  - 53. The system of claim 50, wherein the first organization and the second organization are governed by HIPAA regulations.
  - 54. The system of claim 50, wherein the first organization is a hospital.
  - 55. The system of claim 50, wherein the second organization is a hospital.
  - 56. The system of claim 50, wherein the one or more individual'"'"'s information includes personal health information associated with the one or more individual.
  - 57. The system of claim 50, wherein the first organization is a healthcare provider.
  - 58. The system of claim 50, wherein the second organization is a healthcare provider.
  - 59. The system of claim 50, wherein the first organization is run by a state.
  - 60. The system of claim 50, wherein the second organization is run by a state.
  - 61. The system of claim 50, wherein the individual is a medical patient.
  - 62. The system of claim 50, wherein the one or more individual has one or more developmental disabilities.
  - 63. The system of claim 50, wherein the user is the one or more individual'"'"'s parent or guardian.
  - 64. The system of claim 50, wherein the user is a staff person of the first or second organizations.
  - 65. The system of claim 50, wherein the user is a staff person of the first organization.
  - 66. The system of claim 50, wherein the user is a service provider associated with the first organization.
  - 67. The system of claim 50, wherein the user is a doctor associated with the first organization.
  - 68. The system of claim 50, wherein the user is a volunteer associated with the first organization.
  - 70. The system of claim 50, wherein the user is a case manager associated with the first organization.
  - 71. The system of claim 50, wherein the system is one or more physical nodes.
  - 72. The system of claim 50, wherein the system includes one or more computers.
  - 73. The system of claim 50, wherein the system is one or more computers.

69. The system of 50, wherein the user is a health care professional associated with the first organization.

74. A method of sharing information among at least a first organization and a second organization, the method comprising:
- (a) receiving by one or more physical nodes a first request for authorization for a user in the first organization to access one or more individual'"'"'s information in the second organization, wherein the first request for authorization includes one or more of the one or more individual'"'"'s name, social security number, state identification number, birth date, home address, and medicaid number, the first organization is associated with a first security domain, the second organization is associated with a second security domain, the second organization has an access profile associated with the first security domain, the user in the first organization is associated with one or more roles and one or more caseloads, and the one or more individual'"'"'s information in the second organization has at least one type, the one or more roles includes access privilege information for one or more users, and the one or more caseloads includes access privilege information for at least one individual or medical services program;
  
  (b) logging by the one or more physical nodes, in an activity log associated with at least the first organization or the second organization, the user'"'"'s first request for authorization for the user in the first organization to access the one or more individual'"'"'s information in the second organization;
  
  (c) determining by the one or more physical nodes whether the one or more individual'"'"'s information in the second organization is accessible based on the one or more of the one or more individual'"'"'s name, social security number, state identification number, birth date, and medicaid number;
  
  (d) responsive to determining that the individual'"'"'s information in the second organization is accessible based on the one or more of the one or more individual'"'"'s name, social security number, state identification number, birth date, and medicaid number;
  
  (d)(i) determining by the one or more physical nodes whether the user in the first organization is authorized to access the one or more individual'"'"'s information in the second organization, wherein the determination is based on at least the access profile, the one or more caseloads and one or more roles associated with the user, and the type of the individual'"'"'s information in the second organization;
  
  (d)(ii) responsive to determining that the user in the first organization is authorized to access the one or more individual'"'"'s information in the second organization;
  
  (d)(ii)(A) transferring by the one or more physical nodes the one or more individual'"'"'s information in the second organization to the user;
  
  (d)(ii)(B) logging by the one or more physical nodes, in the activity log, the transferring of the one or more individual'"'"'s information in the second organization to the user.
- View Dependent Claims (75)
- - 75. The method of claim 74, the method further comprising:
    - (d)(ii)(C) receiving by the one or more physical nodes a second request for authorization for the user in the first organization to change the individual'"'"'s information in the second organization;
      
      (d)(ii)(D) logging by the one or more physical nodes, in the activity log, the user'"'"'s second request for authorization for the user in the first organization to change the individual'"'"'s information in the second organization;
      
      (d)(ii)(E) determining by the one or more physical nodes whether the user in the first organization is authorized to change the individual'"'"'s information in the second organization, wherein the determination is based on at least the access profile, the one or more caseloads and one or more roles associated with the user and the type of the individual'"'"'s information;
      
      (d)(ii)(F) responsive to determining that the user in the first organization is authorized to change the individual'"'"'s information in the second organization;
      
      (d)(ii)(f)(i)(F)(1) allowing by the one or more physical nodes the user in the first organization to change the individual'"'"'s information in the second organization;
      
      (d)(ii)(4)(ii)(F)(II) logging by the one or more physical nodes, in the activity log, the user'"'"'s changes to the individual'"'"'s information.

76. A non-transitory computer-readable storage media having computer executable code stored thereon, the code for sharing information among at least a first organization and a second organization, the code, when executed:
- (a) receives a first request for authorization for a user in the first organization to access one or more individual'"'"'s information in the second organization, wherein the first request for authorization includes one or more of the one or more individual'"'"'s name, social security number, state identification number, birth date, home address, and medicaid number, the first organization is associated with a first security domain, the second organization is associated with a second security domain, the second organization has an access profile associated with the first security domain, the user in the first organization is associated with one or more roles and one or more caseloads, and each of the one or more individual'"'"'s information in the second organization has at least one type, the one or more roles includes access privilege information for one or more users, and the one or more caseloads includes access privilege information for at least one individual or medical services program;
  
  (b) logs, in an activity log associated with at least the first organization or the second organization, the user'"'"'s first request for authorization for the user in the first organization to access the one or more individual'"'"'s information in the second organization;
  
  (c) determines whether the one or more individual'"'"'s information in the second organization is accessible based on at least the access profile, the one or more of the one or more individual'"'"'s name, social security number, state identification number, birth date, and medicaid number;
  
  (d) responsive to determining that the individual'"'"'s information in the second organization is accessible based on the one or more of the one or more individual'"'"'s name, social security number, state identification number, birth date, and medicaid number;
  
  (d)(i) determines whether the user in the first organization is authorized to access the one or more individual'"'"'s information in the second organization, wherein the determination is based at least the access profile, on the one or more caseloads and one or more roles associated with the user, and the type of the individual'"'"'s information in the second organization;
  
  (d)(ii) responsive to determining that the user in the first organization is authorized to access the one or more individual'"'"'s information in the second organization;
  
  (d)(ii)(A) transfers the one or more individual'"'"'s information in the second organization to the user;
  
  (d)(ii)(B) logs, in the activity log, the transferring of the one or more individual'"'"'s information in the second organization to the user.

77. A system accessible by a user, wherein when the user accesses the system, the system:
- (a) receives a first request for authorization for a user in the first organization to access one or more individual'"'"'s information in the second organization, wherein the first request for authorization includes one or more of the one or more individual'"'"'s name, social security number, state identification number, birth date, home address, and medicaid number, the first organization is associated with a first security domain, the second organization is associated with a second security domain, the second organization has an access profile associated with the first security domain, the user in the first organization is associated with one or more roles and one or more caseloads, each of the one or more individual'"'"'s information in the second organization has at least one type, the one or more roles includes access privilege information for one or more users, and the one or more caseloads includes access privilege information for at least one individual or medical services program;
  
  (b) logs, in an activity log of a physical node, said activity log associated with at least the first organization or the second organization, the user'"'"'s first request for authorization for the user in the first organization to access the one or more individual'"'"'s information in the second organization;
  
  (c) determines whether the one or more individual'"'"'s information in the second organization is accessible based on the one or more of the one or more individual'"'"'s name, social security number, state identification number, birth date, and medicaid number;
  
  (d) responsive to determining that the individual'"'"'s information in the second organization is accessible based on the one or more of the one or more individual'"'"'s name, social security number, state identification number, birth date, and medicaid number;
  
  (d)(i) determines whether the user in the first organization is authorized to access the one or more individual'"'"'s information in the second organization, wherein the determination is based on at least the access profile, the one or more caseloads and one or more roles associated with the user, and the type of the individual'"'"'s information in the second organization;
  
  (d)(ii)(A) transfers the one or more individual'"'"'s information in the second organization to the user;
  
  (d)(ii)(B) logs, in the activity log of said physical node, the transferring of the one or more individual'"'"'s information in the second organization to the user.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Therap Services LLC
Original Assignee
The Therap Services LLP
Inventors
Robbins, Richard Allen, Gifford, Warren Stanton, Brockie, Justin Mark, Kelly, James Michael, Hasanat, Mojahedul Hoque Abul, Turock, Bradley Drew, Rahman, Ziaur
Primary Examiner(s)
Flynn, Nathan
Assistant Examiner(s)
Almamun, Abdullah

Application Number

US11/604,577
Publication Number

US 20080127310A1
Time in Patent Office

2,136 Days
Field of Search

726/4
US Class Current

726/4
CPC Class Codes

G06F 21/6245   Protecting personal data, e...

G16H 10/60   for patient-specific data, ...

G16H 40/67   for remote operation

H04L 63/10   for controlling access to d...

H04L 63/102   Entity profiles

Managing secure sharing of private information across security domains

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

53 Citations

77 Claims

Specification

Solutions

Use Cases

Quick Links

Managing secure sharing of private information across security domains

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

53 Citations

77 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links